Paul Bijnens wrote:
> On 2009-05-25 12:51, carlopmart wrote:
>> I have a problem using named with different CentOS5 servers (2 servers):
>> they are all really slow to resolve any internet address and most of the
>> time fail to resolve. This situation differs if I use "forwarders" servers
>> like opendns: resolving names is really, really quick. And I don't
>> understand why.
>>
>> On the other hand I have tested three DNS servers using Windows 2003,
>> Windows 2008 and Ubuntu hardy and these problems don't occur (I don't need
>> to configure forwarders on any of them): all resolve any name, and really
>> fast.
>>
>> IPv6 is disabled on both CentOS servers. Does anybody know why these DNS
>> servers are slow??
>
> My crystal ball is in repair. Could you in the meantime add some more
> hints, e.g. your config files, and how you diagnosed the slowness.
>
> My CentOS5 DNS-servers do resolve really quickly, with or without forwarders.
>

Ok, my named.conf:

//
// named.conf
//
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        listen-on port 53 { 127.0.0.1; 172.25.50.10; };
        version "DNS Server v2.0";
        dnssec-enable no;
        query-source port 53;
        forwarders { 208.67.220.220; 208.67.222.222; };
};

logging {
        channel security_channel {
                file "/var/named/data/security.log" versions 3 size 1m;
                severity debug;
                print-time yes;
                print-category yes;
                print-severity yes;
        };
        channel default {
                syslog local4;
                severity info;
                print-category yes;
                print-severity yes;
        };
        channel query_log {
                file "/var/named/data/query.log" versions 3 size 1m;
                print-time yes;
        };
        category security { security_channel; default; };
        category queries { query_log; };
        channel default_debug {
                file "/var/named/data/named.run";
                severity dynamic;
        };
        category lame-servers { null; };
        category default { default; };
};

controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

As you can see, I need to use the "query-source port" param too with
forwarders to resolve names (and this is really really ugly).

And some examples:

- Using "query-source port" and "forwarders" directives:

    [root at thranduil data]# nslookup
    > bugs.centos.org
    Server:         127.0.0.1
    Address:        127.0.0.1#53

    Non-authoritative answer:
    Name:   bugs.centos.org
    Address: 72.232.194.162

  .. all is normal and really fast.

- Disabling "query-source port" and "forwarders" directives:

    [root at thranduil data]# nslookup
    > www.google.com
    ;; connection timed out; no servers could be reached

  first attempt fails ...

    root at thranduil data]# nslookup
    > www.google.com
    ;; connection timed out; no servers could be reached

  second attempt fails and ..

    root at thranduil data]# nslookup
    > www.google.com
    Server:         127.0.0.1
    Address:        127.0.0.1#53

    Non-authoritative answer:
    www.google.com  canonical name = www.l.google.com.
    Name:   www.l.google.com
    Address: 209.85.227.99
    Name:   www.l.google.com
    Address: 209.85.227.103
    Name:   www.l.google.com
    Address: 209.85.227.104
    Name:   www.l.google.com
    Address: 209.85.227.147

  .. at the third attempt it works ...

The same tests using Ubuntu hardy, without using the "query-source" and
"forwarders" directives, work.

Do you need more info??

-- 
CL Martinez
carlopmart {at} gmail {d0t} com
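
An added example, not part of the original thread: a Python check that reads a named.conf and reports a pinned "query-source port", the setting the post above relies on. A fixed source port turns off BIND's source-port randomization, which makes spoofed answers easier to get into the cache. The sample config is constructed from the post, and the function names are hypothetical.

```python
import re

# Constructed sample: the options block from the post, abbreviated.
SAMPLE_CONF = """
// named.conf
options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; 172.25.50.10; };
    query-source port 53;
    forwarders { 208.67.220.220; 208.67.222.222; };
};
"""

def strip_comments(text):
    """Remove /* */, // and # comments (quoted strings are not special-cased)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_body(text):
    """Return the text between the braces of the options block, or ''."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:          # walk to the matching brace
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def audit(conf):
    """Return pinned query-source ports and the forwarders list."""
    body = options_body(strip_comments(conf))
    fixed = []
    for stmt in re.findall(r"\bquery-source(?:-v6)?\b([^;]*);", body):
        p = re.search(r"\bport\s+(\d+)", stmt)   # 'port *' means random
        if p:
            fixed.append(int(p.group(1)))
    fw = re.search(r"\bforwarders\s*\{([^}]*)\}", body)
    hosts = [a.strip() for a in fw.group(1).split(";")] if fw else []
    return {"fixed_source_ports": fixed,
            "forwarders": [h for h in hosts if h]}

if __name__ == "__main__":
    result = audit(SAMPLE_CONF)
    for port in result["fixed_source_ports"]:
        print(f"WARN: query-source pinned to port {port}; "
              "source-port randomization is disabled")
    print("forwarders:", ", ".join(result["forwarders"]) or "none")
```

If name resolution only works with the pinned port, the usual place to look is a packet filter between the server and the internet that only passes UDP with source port 53; allowing replies to the resolver's outgoing queries from any source port lets the pin be removed.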